Pages

Wednesday, January 18, 2017

Upgrading a Citrix NetScaler VPX HA pair via command line

Those who are familiar with the Citrix NetScaler’s administrative console would be familiar with the upgrade button in the Systems menu that allows the administrator to upload the upgrade package and have the appliance automatically apply the firmware update:

While this feature makes the upgrade process quite easy, I’ve also found that it is sometimes unreliable because the upgrade progress status window could freeze at a certain step and not update which then leaves us wondering if we should close and start over or continue waiting. What I’ve typically done in the past is manually apply the update by uploading the package onto the appliance and using command line to execute the upgrade either via the console or SSH session.

Step #1 – Download and upload firmware package

Begin by logging onto the the Citrix website and download the upgrade package normally named similar to the following:

build-11.1-51.21_nc.tgz

Launch your preferred SFTP client such as WinSCP, connect to the secondary appliance and navigate to the following directory:

/var/nsinstall

Create a directory for the new package and copy the firmware into the directory:

Repeat the same for the active appliance.

Step #2 – Backup and save the NetScaler configuration

Log onto the active NetScaler’s administration console and proceed to backup and save the configuration:

The command save config could be used to save the configuration via the console or SSH session.

A hypervisor snapshot could also be created as well.

Step #3 – Unpack and install firmware upgrade

With the NetScaler backed up and upgrade firmware package uploaded, proceed with accessing the console or opening an SSH session to the secondary node, enter the shell mode by executing shell, navigate to the /var/nsinstall/<firmwareUpdate> directory then execute the following to extract the package:

tar -zxvf ns-x.0-xx.x-doc.tgz

For this example, the command to execute would be:

tar -zxvf build-11.1-51.21_nc.tgz

Once the files have been extracted, proceed to install by executing:

./installns

Continue and restart the appliance once the installation has completed.

With the secondary appliance upgraded and restarted, log back into the console and execute show ver to confirm that the version has been upgraded:

Continue and review the HA status by executing:

show ha node

… to confirm that this node is listed as secondary and synchronization is disabled:

**Note that both Sync State and Propagation is currently configured as AUTO DISABLED because build 51.21 automatically disables these settings during the upgrade.

In the event that synchronization is not disabled, execute the following to disable it:

set node -hasync disable

Execute show ha node again to confirm the status then force the failover:

force failover

Step #5 – Upgrade primary NetScaler node

Repeat the steps outlined in #3:

With the NetScaler backed up and upgrade firmware package uploaded, proceed with accessing the console or opening an SSH session to the secondary node, navigate to the /var/nsinstall/<firmwareUpdate> directory then execute the following to extract the package:

tar -zxvf ns-x.0-xx.x-doc.tgz

For this example, the command to execute would be:

tar -zxvf build-11.1-51.21_nc.tgz

Once the files have been extracted, proceed to install by executing:

./installns

Continue and restart the appliance once the installation has completed.

Step #6 – Verify upgrade of appliances and failover to original primary node

With the second appliance upgraded, proceed by logging onto the appliance and execute show ver to confirm that the version has been upgraded:

Execute the following command to check the status:

show ha node

Proceed by failing back the primary role back to the previous primary appliance with the command:

force failover

Step #7 – Enable synchronization on secondary appliance

Log onto the secondary appliance and execute the following to verify it is in secondary state:

show node

**Note that both Sync State is labeled as SUCCESS and Propagation is labelled as ENABLED because build 51.21 automatically enables these settings after the upgrade.

If Sync State and Propagation is not enabled then execute the following command to enable synchronization:

set node -hasync enable

Execute the following command to verify that the configuration of the secondary appliance is synchronized with that of the primary appliance